On 07/19/11 22:28, LWChris@LyricWiki wrote:
> .. I've got no idea why that script is a "big security risk"..

He said right in the first post of that discussion:
"you broadcast your private data (e.g. password) in a cross-domain
fashion to all iframes and frames on that page"

If you use this script, any frame on the page can see the value that you
are retrieving. Likely a privacy risk long before a security risk. A
problem, but a much smaller potential problem than unsafeWindow.

> It's only used on one domain and nearly all its pages. That domain is
> 100% trusted (lyrics.wikia.com, I'm one of the admins there)...

And you 100% trust that there are no vulnerabilities (XSS?) in any of the
programs running anywhere on that domain?

Long story short, security is a Hard Problem.
--
You received this message because you are subscribed to the Google Groups
"greasemonkey-users" group.